CVE-2018-11046
MEDIUMPivotal Operations Manager 2.0.14 and 2.1.x < 2.1.6 - Unpatched NGINX Vulnerabilities
Title source: llmDescription
Pivotal Operations Manager, versions 2.1.x prior to 2.1.6 and version 2.0.14, includes NGINX packages that lacks security vulnerability patches. An attacker with access to the NGINX processes and knowledge of how to exploit the unpatched vulnerabilities may be able to impact Operations Manager
References (2)
Core 2
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/104545
Mitigation, Vendor Advisory x_refsource_confirm
https://pivotal.io/security/cve-2018-11046
Scores
CVSS v3
6.5
EPSS
0.0090
EPSS Percentile
55.4%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Details
CWE
CWE-20
Status
published
Products (2)
pivotal_software/operations_manager
2.0.14
pivotal_software/operations_manager
2.1.0 - 2.1.6
Published
Jun 25, 2018
Tracked Since
Feb 18, 2026